Supernetting: Combining A-Class IP address with C-Class IP Address

Hi there,
I'm trying to set up a network containing:
 a Sun server with private IP 192.1.1.1
 several hosts with private IP 192.168.2.x
 a hubswitch
 a Linux server as a gateway to the internet, with LAN iface IP 192.168.3.254 and a WAN iface.

Everything is working except that the hosts cannot ping the Sun server. Can it be solved by modifying the routing table in the Linux gateway? I don't have another router to split the server from the hosts' network.
The IP address of the Sun server cannot be changed because that IP has been hard-coded into an internal accounting system built by the Software Department, and they don't want to modify their source.
Thanks in advance.
m98yahyaAsked:

JivkoCommented:
Yes it is possible

There are two ways

On the linux router:

assign IP address 192.168.1.2 to the ethernet interface

ifconfig eth0:1 192.1.1.2 netmask 255.255.255.252 broadcast 192.1.1.3

Or just add a static route to Sun

By iproute2:
ip route add 192.1.1.1 dev eth0

By old route:
route add 192.1.1.1 dev eth0


Regards





0
m98yahyaAuthor Commented:
Thanks Jivko, I'll try it tomorrow, as the office is closed on Friday and Saturday.
0
brabardCommented:
It is very interesting what happens with your addressing. Your Sun's A-class IP address is a public one, so it can be routed through the Net. I believe you didn't post the real address here :))
The second thing - once you have private IP address 192.168.3.x on your internal iface, how are hosts belonging to another network - 192.168.2.x - connected to the network?
0
m98yahyaAuthor Commented:
Hi Brabard,
 Nice to get your comment; actually that's the real IP! ;) I'm working for a system integrator company as a system analyst (programming). This is my first job in networking, so I need to learn a lot. Please guide me.
I know my customer uses a public IP, owned by bbn.com. The problem is they don't want to change the IP number, as it requires a lot of work (on their part).
Is it possible to access the Sun server from outside, just because the IP is valid? I've set up a firewall so all access to the internet must go through it.

Your second comment is more interesting. As a matter of fact, the customer wants to use 192.168.3.x for fixed-IP nodes and 192.168.2.x for dynamic-IP nodes, all on the same switch. So I'm going to combine 192.168.3.x, 192.168.2.x and 192.1.1.1 in one LAN. Do I need to set a route as Jivko told me for 192.168.2.x too?

Lastly, what topic/article/book do you recommend I refer to?
Thanks a lot to you guys
Best regards,
0
m98yahyaAuthor Commented:
I've tried both solutions but they still fail
0
JivkoCommented:
Did you try this:
ip route add 192.1.1.1 dev eth0

??

0
brabardCommented:
Well, some basic things about routing.
You know the policy is simple - when a packet is received by the router, it checks its destination address for matches in the routing table. First it goes to directly connected networks, then to static routes, then to the default gw.
So, if the Sun is somewhere after the WAN interface and it has a public IP address, assuming this interface is your default gateway, you don't need static routes, you need only source NATting.
That means you are replacing the private IP address 192.168.3.x with your public one belonging to the WAN interface and delivering that packet to the external net - the other routers must deliver it to the destination.

The other situation is if you don't have a public IP address on the WAN interface, or the path to the Sun is not via that interface. In that case you have to use static routing, as shown by Jivko.
0

m98yahyaAuthor Commented:
Hi guys, today I tried to make the problem simple. I want to combine 172.25.123.x with 192.1.1.x.
I use Smoothwall Pendolino for the Linux box, using 2 NICs, configured as:
eth0: 172.25.123.234/24 broadcast at 172.25.123.255 (this is for LAN iface)
eth1: 172.26.123.234/24 broadcast at 172.26.123.255 (this iface is connected to ADSL modemrouter. my internet connection is ok)

Now I try to make an alias for eth0 with ifconfig:
ifconfig eth0:1 192.1.1.234 netmask 255.255.255.0 broadcast 192.1.1.255

My ifconfig shows:

[root@smoothwall root]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:04:76:8D:7F:C0  
          inet addr:172.25.123.234  Bcast:172.25.123.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:565340 errors:0 dropped:0 overruns:1 frame:0
          TX packets:173947 errors:0 dropped:0 overruns:0 carrier:6
          collisions:151 txqueuelen:100
          RX bytes:62145247 (59.2 Mb)  TX bytes:172310064 (164.3 Mb)
          Interrupt:5 Base address:0x7400

eth0:1    Link encap:Ethernet  HWaddr 00:04:76:8D:7F:C0  
          inet addr:192.1.1.234  Bcast:192.1.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:5 Base address:0x7400

eth1      Link encap:Ethernet  HWaddr 00:40:05:10:69:2C  
          inet addr:172.26.123.254  Bcast:172.26.123.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:168957 errors:0 dropped:0 overruns:0 frame:0
          TX packets:540111 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:169192024 (161.3 Mb)  TX bytes:59181830 (56.4 Mb)
          Interrupt:10 Base address:0x7000

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:166 errors:0 dropped:0 overruns:0 frame:0
          TX packets:166 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:23034 (22.4 Kb)  TX bytes:23034 (22.4 Kb)


My route shows:

[root@smoothwall root]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.25.123.0    *               255.255.255.0   U     0      0        0 eth0
192.1.1.0       *               255.255.255.0   U     0      0        0 eth0
172.26.123.0    *               255.255.255.0   U     0      0        0 eth1
default         172.26.123.234  0.0.0.0         UG    0      0        0 eth1


The 192.1.1.0 line was added automatically.

As you see, my ifconfig prints eth0:1 for 192.1.1.234, but in my route it says 192.1.1.0 is using eth0.
- Now I can ping 192.1.1.x from the Linux box.
- A host using 192.1.1.x (whose gateway is set to 192.1.1.234) can ping the Linux box and can access the internet, but cannot ping 172.25.123.x.

My sysctl net.ipv4.ip_forward shows:
net.ipv4.ip_forward=1

Help me please.
0
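Added example, not part of the original post: the gateway's `route` rows parsed and evaluated with longest-prefix match, which is how the kernel chooses among them. It shows that both LAN subnets resolve to eth0, so traffic between 192.1.1.x and 172.25.123.x is routed in and out of the same interface and has to pass the gateway's FORWARD chain; the function names and the host addresses marked as constructed are assumptions for illustration.

```python
import ipaddress

# `route` rows copied from the post above (the two header lines are left out).
ROUTE_OUTPUT = """\
172.25.123.0    *               255.255.255.0   U     0      0        0 eth0
192.1.1.0       *               255.255.255.0   U     0      0        0 eth0
172.26.123.0    *               255.255.255.0   U     0      0        0 eth1
default         172.26.123.234  0.0.0.0         UG    0      0        0 eth1
"""

def parse_routes(text):
    """Turn net-tools `route` rows into (network, gateway or None, iface) tuples."""
    routes = []
    for row in text.splitlines():
        dest, gateway, mask, *_, iface = row.split()
        if dest == "default":
            net = ipaddress.ip_network("0.0.0.0/0")
        else:
            net = ipaddress.ip_network(f"{dest}/{mask}")
        # "*" in the Gateway column means the network is directly connected.
        routes.append((net, None if gateway == "*" else gateway, iface))
    return routes

def lookup(routes, addr):
    """Longest-prefix match: the most specific route containing addr wins."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None  # no route to host
    _net, gateway, iface = max(matches, key=lambda r: r[0].prefixlen)
    return iface, gateway

def same_interface_forward(routes, src, dst):
    """True when a routed packet leaves by the interface it arrived on.
    Assumption: the arrival interface is the one that routes back to src."""
    return lookup(routes, src)[0] == lookup(routes, dst)[0]

ROUTES = parse_routes(ROUTE_OUTPUT)

if __name__ == "__main__":
    # Constructed sample addresses: one per LAN subnet and one outside both.
    for dst in ("192.1.1.1", "172.25.123.10", "198.51.100.7"):
        print(dst, "->", lookup(ROUTES, dst))
    print(same_interface_forward(ROUTES, "192.1.1.10", "172.25.123.10"))
```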
JivkoCommented:
From host using 192.1.1.x try to ping 172.25.123.234-eth0 on the linux box and say if you can
0
brabardCommented:
Well, everything seems OK except for your kernel filtering. What Linux distro? What is the output from iptables-save?
0
m98yahyaAuthor Commented:
Yes, I can ping from 192.1.1.x to 172.25.123.234, 172.26.123.234 and 192.1.1.234

How do I see which Linux distro? I tried uname -a and got:
Linux smoothwall 2.4.22 #4 Mon Sep 1 17:13:58 BST 2003 i686 i686 i386 GNU/Linux

I tried iptables-save but:
-bash: iptables-save: command not found

Is it normal to get eth0 instead of eth0:1?

Thank you very much in advance
0
JivkoCommented:
Set the default gateway of the machines in 172.25.123.x subnet to be 172.25.123.234. Or add a static route to 192.1.1.x:
Win:
route ADD 192.1.1.0 MASK 255.255.255.0  172.25.123.234 -p

*NIX:
ip route add 192.1.1.0/24 via 172.25.123.234
0
m98yahyaAuthor Commented:
I had set the gateway like that before, and cannot ping the other subnet. Now I try to add a route from a Win98 PC 172.25.123.x using:
 route ADD 192.1.1.0 MASK 255.255.255.0  172.25.123.234 -p

It seems not to work, maybe because of -p, so I try
route ADD 192.1.1.0 MASK 255.255.255.0  172.25.123.234 METRIC 2

Now it is added to the routing table:
C:\WINDOWS\Desktop>route print

Active Routes:

  Network Address          Netmask  Gateway Address        Interface  Metric
          0.0.0.0          0.0.0.0   172.25.123.234   172.25.123.206       1
          0.0.0.0          0.0.0.0   172.25.123.254   172.25.123.206    1000
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
     172.25.123.0    255.255.255.0   172.25.123.206   172.25.123.206       1
   172.25.123.206  255.255.255.255        127.0.0.1        127.0.0.1       1
   172.25.255.255  255.255.255.255   172.25.123.206   172.25.123.206       1
        192.1.1.0    255.255.255.0   172.25.123.234   172.25.123.206       2
        224.0.0.0        224.0.0.0   172.25.123.206   172.25.123.206       1
  255.255.255.255  255.255.255.255   172.25.123.206          0.0.0.0       1

I try to ping 192.1.1.x... still get Request timed out :(
----------------------------------------------------------------------------------------
Is it because of my iptables rules? They are created by Smoothwall. Does the 'disable spoofing' feature make the firewall deny routed-back packets?

[root@smoothwall root]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination        
ipac~o     all  --  anywhere             anywhere          
ipblock    all  --  anywhere             anywhere          
ipblock    all  --  anywhere             anywhere          
ipblock    all  --  anywhere             anywhere          
advnet     all  --  anywhere             anywhere          
advnet     all  --  anywhere             anywhere          
advnet     all  --  anywhere             anywhere          
spoof      all  --  anywhere             anywhere          
spoof      all  --  anywhere             anywhere          
spoof      all  --  anywhere             anywhere          
ACCEPT     all  --  anywhere             anywhere          
ACCEPT     all  --  anywhere             anywhere          
secin      all  --  anywhere             anywhere          
block      all  --  anywhere             anywhere          
LOG        all  --  anywhere             anywhere           LOG level warning
REJECT     all  --  anywhere             anywhere           reject-with icmp-port-unreachable

Chain FORWARD (policy DROP)
target     prot opt source               destination        
ipac~fi    all  --  anywhere             anywhere          
ipac~fo    all  --  anywhere             anywhere          
ipblock    all  --  anywhere             anywhere          
ipblock    all  --  anywhere             anywhere          
ipblock    all  --  anywhere             anywhere          
secout     all  --  anywhere             anywhere          
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           state NEW
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           state NEW
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere           state NEW
portfwf    all  --  anywhere             anywhere          
ACCEPT     all  --  anywhere             anywhere          
ACCEPT     all  --  anywhere             anywhere          
LOG        all  --  anywhere             anywhere           LOG level warning
REJECT     all  --  anywhere             anywhere           reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
ipac~i     all  --  anywhere             anywhere          

Chain advnet (3 references)
target     prot opt source               destination        

Chain block (1 references)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere          
xtaccess   all  --  anywhere             anywhere          
ipsec      all  --  anywhere             anywhere          
ipsec      all  --  anywhere             anywhere          
ipsec      all  --  anywhere             anywhere          
ACCEPT     icmp --  anywhere             anywhere          
ACCEPT     icmp --  anywhere             anywhere          
ACCEPT     icmp --  anywhere             172.26.123.0/24    

Chain dmzholes (0 references)
target     prot opt source               destination        

Chain ipac~fi (1 references)
target     prot opt source               destination        
           all  --  anywhere             anywhere          
           all  --  anywhere             anywhere          

Chain ipac~fo (1 references)
target     prot opt source               destination        
           all  --  anywhere             anywhere          
           all  --  anywhere             anywhere          

Chain ipac~i (1 references)
target     prot opt source               destination        
           all  --  anywhere             anywhere          
           all  --  anywhere             anywhere          

Chain ipac~o (1 references)
target     prot opt source               destination        
           all  --  anywhere             anywhere          
           all  --  anywhere             anywhere          

Chain ipblock (6 references)
target     prot opt source               destination        
REJECT     all  --  cs73.msg.sc5.yahoo.com  anywhere           reject-with icmp-port-unreachable
REJECT     all  --  216.136.0.0/16       anywhere           reject-with icmp-port-unreachable
LOG        all  --  www.friendster.com   anywhere           LOG level warning
REJECT     all  --  www.friendster.com   anywhere           reject-with icmp-port-unreachable
LOG        all  --  UNKNOWN-66-163-160-0.yahoo.com/19  anywhere           LOG level warning
REJECT     all  --  unknown-66-163-160-0.yahoo.com/19  anywhere           reject-with icmp-port-unreachable

Chain ipsec (3 references)
target     prot opt source               destination        
ACCEPT     udp  --  anywhere             anywhere           udp dpt:isakmp
ACCEPT     gre  --  anywhere             anywhere          
ACCEPT     ipv6-crypt--  anywhere             anywhere          

Chain portfwf (1 references)
target     prot opt source               destination        

Chain secin (1 references)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere          

Chain secout (1 references)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere          

Chain spoof (3 references)
target     prot opt source               destination        
DROP       all  --  172.25.123.0/24      anywhere          

Chain xtaccess (1 references)
target     prot opt source               destination        
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:auth
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:auth
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:auth
0
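Added example, not part of the original post: a small parser for `iptables -L` text that follows the jumps from a built-in chain and lists the DROP/REJECT rules a packet can actually reach. Run on a condensed copy of the listing above, it shows that `spoof` (which drops source 172.25.123.0/24) is referenced only from INPUT, so it applies to packets addressed to the firewall itself and not to forwarded traffic; the function names are made up for this illustration.

```python
import re

# Condensed from the `iptables -L` listing in the post above (headers, repeats, unused chains left out).
LISTING = """\
Chain INPUT (policy DROP)
ipblock    all  --  anywhere             anywhere
spoof      all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere
Chain FORWARD (policy DROP)
ipblock    all  --  anywhere             anywhere
secout     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere           state NEW
REJECT     all  --  anywhere             anywhere
Chain ipblock (6 references)
REJECT     all  --  216.136.0.0/16       anywhere
Chain secout (1 references)
ACCEPT     all  --  anywhere             anywhere
Chain spoof (3 references)
DROP       all  --  172.25.123.0/24      anywhere
"""

RULE = re.compile(r"(\S*)\s+\S+?\s*--\s+(\S+)\s+(\S+)")  # target, source, destination

def parse(listing):
    """Map each chain name to its rules as (target, source, destination)."""
    chains, rules = {}, None
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+) \(", line)
        if head:
            rules = chains.setdefault(head.group(1), [])
        elif rules is not None and (m := RULE.match(line)):
            rules.append(m.groups())
    return chains

def reachable(chains, start):
    """Chains a packet can be sent to, directly or indirectly, from `start`."""
    seen, todo = set(), [start]
    while todo:
        for target, _src, _dst in chains[todo.pop()]:
            if target in chains and target not in seen:
                seen.add(target)
                todo.append(target)
    return seen

def blocking_rules(chains, start):
    """DROP/REJECT rules in `start` and in every chain reachable from it."""
    return [(name, *rule) for name in [start, *sorted(reachable(chains, start))]
            for rule in chains[name] if rule[0] in ("DROP", "REJECT")]

CHAINS = parse(LISTING)
if __name__ == "__main__":
    for hook in ("INPUT", "FORWARD"):
        print(hook, "->", sorted(reachable(CHAINS, hook)), blocking_rules(CHAINS, hook))
```

`iptables -L` without `-v` does not print the in/out interface of each rule, so the `anywhere anywhere` rows may be narrower than they look; `iptables -L -n -v` shows those columns.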
brabardCommented:
Ophh, how could it work at all :))
I lost myself in your kernel filtering rules. And I guess in the mangle and nat tables the situation is the same.
Please specify what network flows you need and I will help you build iptables from the beginning.
0
brabardCommented:
Btw, why does your Windows machine have two default gateways?
0
m98yahyaAuthor Commented:
Did you mean this line?:
 172.25.255.255  255.255.255.255   172.25.123.206   172.25.123.206       1

172.25.123.206 is my Windows machine's IP address. This line was added by Windows automagically :)

I'm sorry, I'm afraid I cannot reduce the rules, as they are generated by Smoothwall. I can manipulate them through the Smoothwall web application interface, but not directly (at least for now).

As I can't solve the problem completely, I have to find a workaround so my customer doesn't flame me :) Actually they used Linux Router Project (LRP) as router and firewall before, and it works. So I just reconfigure the LRP machine to support several more subnets. If they need better control over their firewall, I will connect the LRP to the Smoothwall box, so the LRP will act as router and Smoothwall will act as firewall.

Anyway, I still doubt that the problem is my filtering rules. I'll try to study how it works, but for now I can sleep tight....

Lastly, thank you very much, guys, especially brabard and Jivko. I'll split the points between you two.
0